Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Upgrade cipher variants to include at least SHA-384 #480

Closed
classilla opened this issue Feb 22, 2018 · 9 comments
Closed

Upgrade cipher variants to include at least SHA-384 #480

classilla opened this issue Feb 22, 2018 · 9 comments

Comments

@classilla
Copy link
Owner

@classilla classilla commented Feb 22, 2018

NSS should support this once it is taught what the ciphers actually are. We can get this from ESR52 as a down payment towards a full NSS update in the near future. In particular, from security/nss/lib/ssl/sslproto.h,

#define TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 0xC023
#define TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 0xC024
#define TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256   0xC027
#define TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384   0xC028

#define TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0xC02B
#define TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0xC02C
#define TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256  0xC02D
#define TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   0xC02F
#define TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384   0xC030
#define TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256    0xC031
@classilla

This comment has been minimized.

Copy link
Owner Author

@classilla classilla commented Feb 22, 2018

We should start with TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 and once that is working, consider adding the other variants.

@classilla

This comment has been minimized.

Copy link
Owner Author

@classilla classilla commented Feb 22, 2018

esr52% grep -r TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 *
media/mtransport/transportlayerdtls.cpp:  TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
security/manager/ssl/nsNSSCallbacks.cpp:    case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: value = 13; break;
security/manager/ssl/nsNSSComponent.cpp:   TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, true },
security/nss/gtests/ssl_gtest/ssl_ciphersuite_unittest.cc:                          TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
security/nss/lib/ssl/ssl3con.c: { TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE},
security/nss/lib/ssl/ssl3con.c:    {TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, cipher_aes_256_gcm, mac_aead, kea_ecdhe_ecdsa, ssl_hash_sha384},
security/nss/lib/ssl/ssl3con.c:        case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:
security/nss/lib/ssl/ssl3ecc.c:    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
security/nss/lib/ssl/sslenum.c:    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
security/nss/lib/ssl/sslproto.h:#define TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0xC02C
@classilla

This comment has been minimized.

Copy link
Owner Author

@classilla classilla commented Feb 22, 2018

We also need

esr52/security/% grep -r cipher_aes_256_gcm *
nss/lib/ssl/ssl3con.c:    {cipher_aes_256_gcm,  calg_aes_gcm,  32,32, type_aead,   4, 0,16, 8,
nss/lib/ssl/ssl3con.c:    {TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, cipher_aes_256_gcm, mac_aead, kea_dhe_rsa, ssl_hash_sha384},
nss/lib/ssl/ssl3con.c:    {TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, cipher_aes_256_gcm, mac_aead, kea_ecdhe_ecdsa, ssl_hash_sha384},
nss/lib/ssl/ssl3con.c:    {TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, cipher_aes_256_gcm, mac_aead, kea_ecdhe_rsa, ssl_hash_sha384},
nss/lib/ssl/ssl3con.c:    {TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, cipher_aes_256_gcm, mac_aead, kea_dhe_dss, ssl_hash_sha384},
nss/lib/ssl/ssl3con.c:    {TLS_RSA_WITH_AES_256_GCM_SHA384, cipher_aes_256_gcm, mac_aead, kea_rsa, ssl_hash_sha384},
nss/lib/ssl/ssl3con.c:    {TLS_AES_256_GCM_SHA384, cipher_aes_256_gcm, mac_aead, kea_tls13_any, ssl_hash_sha384},
nss/lib/ssl/sslimpl.h:    cipher_aes_256_gcm,
@classilla

This comment has been minimized.

Copy link
Owner Author

@classilla classilla commented Feb 22, 2018

tenfourfox/security/% grep -r SEC_OID_AES_256 *
nss/lib/smime/smimeutil.c:    { SMIME_AES_CBC_256,      SEC_OID_AES_256_CBC,   NULL,            PR_TRUE, PR_TRUE }
nss/lib/smime/smimeutil.c:    case SEC_OID_AES_256_CBC:
nss/lib/softoken/lowpbe.c:    case SEC_OID_AES_256_CBC:
nss/lib/util/secoid.c:    OD( aes256_ECB, SEC_OID_AES_256_ECB,
nss/lib/util/secoid.c:    OD( aes256_CBC, SEC_OID_AES_256_CBC,
nss/lib/util/secoid.c:    OD( aes256_KEY_WRAP, SEC_OID_AES_256_KEY_WRAP,
nss/lib/util/secoidt.h:    SEC_OID_AES_256_ECB  = 187,
nss/lib/util/secoidt.h:    SEC_OID_AES_256_CBC  = 188,
nss/lib/util/secoidt.h:    SEC_OID_AES_256_KEY_WRAP     = 199,
esr52/security/% grep -r SEC_OID_AES_256 *
nss/lib/pk11wrap/pk11pars.c:    { CIPHER_NAME("AES256-CBC"), SEC_OID_AES_256_CBC, NSS_USE_ALG_IN_SSL },
nss/lib/pk11wrap/pk11pars.c:    { CIPHER_NAME("AES256-GCM"), SEC_OID_AES_256_GCM, NSS_USE_ALG_IN_SSL },
nss/lib/smime/smimeutil.c:    { SMIME_AES_CBC_256, SEC_OID_AES_256_CBC, NULL, PR_TRUE, PR_TRUE }
nss/lib/smime/smimeutil.c:        case SEC_OID_AES_256_CBC:
nss/lib/softoken/lowpbe.c:        case SEC_OID_AES_256_CBC:
nss/lib/ssl/ssl3con.c:     SEC_OID_AES_256_CBC, "AES-256", MR_128},
nss/lib/ssl/ssl3con.c:     SEC_OID_AES_256_GCM, "AES-256-GCM", MR_128},
nss/lib/util/secoid.c:    OD(aes256_ECB, SEC_OID_AES_256_ECB,
nss/lib/util/secoid.c:    OD(aes256_CBC, SEC_OID_AES_256_CBC,
nss/lib/util/secoid.c:    OD(aes256_KEY_WRAP, SEC_OID_AES_256_KEY_WRAP,
nss/lib/util/secoid.c:    OD(aes256_GCM, SEC_OID_AES_256_GCM,
nss/lib/util/secoidt.h:    SEC_OID_AES_256_ECB = 187,
nss/lib/util/secoidt.h:    SEC_OID_AES_256_CBC = 188,
nss/lib/util/secoidt.h:    SEC_OID_AES_256_KEY_WRAP = 199,
nss/lib/util/secoidt.h:    SEC_OID_AES_256_GCM = 320,
@classilla

This comment has been minimized.

Copy link
Owner Author

@classilla classilla commented Feb 22, 2018

tenfourfox/security/% grep -r aes256_ *
nss/lib/smime/smimeutil.c:    int aes256_mapi;
nss/lib/smime/smimeutil.c:    aes256_mapi = smime_mapi_by_cipher(SMIME_AES_CBC_256);
nss/lib/smime/smimeutil.c:                  cipher_abilities[aes256_mapi]++;
nss/lib/smime/smimeutil.c:                  cipher_votes[aes256_mapi] += pref;
nss/lib/util/secoid.c:CONST_OID aes256_ECB[]                            = { AES, 41 };
nss/lib/util/secoid.c:CONST_OID aes256_CBC[]                            = { AES, 42 };
nss/lib/util/secoid.c:CONST_OID aes256_OFB[]                            = { AES, 43 };
nss/lib/util/secoid.c:CONST_OID aes256_CFB[]                            = { AES, 44 };
nss/lib/util/secoid.c:CONST_OID aes256_KEY_WRAP[]                       = { AES, 45 };
nss/lib/util/secoid.c:    OD( aes256_ECB, SEC_OID_AES_256_ECB,
nss/lib/util/secoid.c:    OD( aes256_CBC, SEC_OID_AES_256_CBC,
nss/lib/util/secoid.c:    OD( aes256_KEY_WRAP, SEC_OID_AES_256_KEY_WRAP,
esr52/security/% grep -r aes256_ *
nss/lib/smime/smimeutil.c:    int aes256_mapi;
nss/lib/smime/smimeutil.c:    aes256_mapi = smime_mapi_by_cipher(SMIME_AES_CBC_256);
nss/lib/smime/smimeutil.c:                    cipher_abilities[aes256_mapi]++;
nss/lib/smime/smimeutil.c:                    cipher_votes[aes256_mapi] += pref;
nss/lib/util/secoid.c:CONST_OID aes256_GCM[] = { AES, 0x2e };
nss/lib/util/secoid.c:CONST_OID aes256_ECB[] = { AES, 41 };
nss/lib/util/secoid.c:CONST_OID aes256_CBC[] = { AES, 42 };
nss/lib/util/secoid.c:CONST_OID aes256_OFB[] = { AES, 43 };
nss/lib/util/secoid.c:CONST_OID aes256_CFB[] = { AES, 44 };
nss/lib/util/secoid.c:CONST_OID aes256_KEY_WRAP[] = { AES, 45 };
nss/lib/util/secoid.c:    OD(aes256_ECB, SEC_OID_AES_256_ECB,
nss/lib/util/secoid.c:    OD(aes256_CBC, SEC_OID_AES_256_CBC,
nss/lib/util/secoid.c:    OD(aes256_KEY_WRAP, SEC_OID_AES_256_KEY_WRAP,
@classilla classilla changed the title Upgrade cipher variants to include at least SHA-384 and at least one AEAD Upgrade cipher variants to include at least SHA-384 Feb 23, 2018
@classilla

This comment has been minimized.

@classilla

This comment has been minimized.

Copy link
Owner Author

@classilla classilla commented Feb 23, 2018

https://hg.mozilla.org/projects/nss/rev/cd068f7ce6ae11120f8e4427aa2e8ac35a6
9e764

we should be able to just copy those files from ESR60

@classilla

This comment has been minimized.

Copy link
Owner Author

@classilla classilla commented Apr 8, 2018

This may be the best means to solve https://tenfourfox.tenderapp.com/discussions/problems/8583-tff-doesnt-open-web-radio-page

It wants TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, so let's start with that, and then mirror it for the ECDSA version.

@classilla

This comment has been minimized.

Copy link
Owner Author

@classilla classilla commented Apr 10, 2018

It does indeed solve that site (and several others now select that cipher). No regressions detected. Since RSA is faster, we will defer adding ECDSA until we require it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
1 participant
You can’t perform that action at this time.